公开(公告)号：US20250141932A1

公开(公告)日：2025-05-01

申请号：US19003918

申请日：2024-12-27

Applicant: Juniper Networks, Inc.

Inventor： Viacheslav Dementyev ,  Kesavan Kazhiyur Mannar ,  Madhava Rao Cheethirala ,  Natarajan Manthiramoorthy ,  Raja Rao Tadimeti

IPC: H04L9/40

Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.

公开(公告)号：US12192241B2

公开(公告)日：2025-01-07

申请号：US17937208

申请日：2022-09-30

Applicant: Juniper Networks, Inc.

Inventor： Viacheslav Dementyev ,  Kesavan Kazhiyur Mannar ,  Madhava Rao Cheethirala ,  Natarajan Manthiramoorthy ,  Raja Rao Tadimeti

IPC: H04L9/40

Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.

公开(公告)号：US20230403305A1

公开(公告)日：2023-12-14

申请号：US17937208

申请日：2022-09-30

Applicant: Juniper Networks, Inc.

Inventor： Viacheslav Dementyev ,  Kesavan Kazhiyur Mannar ,  Madhava Rao Cheethirala ,  Natarajan Manthiramoorthy ,  Raja Rao Tadimeti

IPC: H04L9/40 ,  H04L41/22

CPC classification number: H04L63/20 ,  H04L41/22 ,  H04L63/104 ,  H04L63/0876

Abstract: Techniques are described for configuration and application of intent-based network access control (NAC) policies for authentication and authorization of multi-tenant, network access server (NAS) devices to access enterprise networks of organizations. A network management system configures intent-based NAC policies for an organization. A cloud-based NAC system may apply an appropriate intent-based NAC policy in response to an authentication request from a NAS device. The NAC system identifies a vendor of the NAS device, matches incoming attributes in the authentication request to a set of normalized match rules of the intent-based NAC policy, and translates a set of abstracted policy results corresponding to the set of normalized match rules into a vendor-specific set of return attributes based on the vendor of the NAS device. The NAC system sends the vendor-specific set of return attributes to the NAS device to enable the NAS device to access the enterprise network of the organization.